Virtual Private Networks (VPNs) Slide 2 2 VPN overview Virtual
Private Network (VPN) is defined as network connectivity deployed
on a shared infrastructure with the same policies and security as a
private network. A VPN can be between two end systems, or it can be
between two or more networks. A VPN can be built using tunnels and
encryption. VPNs can occur at any layer of the OSI protocol stack.
A VPN is an alternative WAN infrastructure that replaces or
augments existing private networks that use leased-line or
enterprise-owned Frame Relay or ATM networks. Slide 3 3 VPN
overview VPNs provide three critical functions: Confidentiality
(encryption) The sender can encrypt the packets before transmitting
them across a network. By doing so, no one can access the
communication without permission. If intercepted, the
communications cannot be read. Data integrity The receiver can
verify that the data was transmitted through the Internet without
being altered. Origin authentication The receiver can authenticate
the source of the packet, guaranteeing and certifying the source of
the information. Slide 4 4 VPN overview The primary benefits
include: VPNs offer lower cost than private networks. LAN-to-LAN
connectivity costs are typically reduced by 20 to 40 percent over
domestic leased-line networks. VPNs offer flexibility for enabling
the Internet economy. VPNs are inherently more flexible and
scalable network architectures than classic WANs. Slide 5 5 VPN
overview The primary benefits include: VPNs offer simplified
management burdens compared to owning and operating a private
network infrastructure. VPNs provide tunneled network topologies
that reduce management burdens. An IP backbone eliminates static
permanent virtual circuits (PVCs) associated with
connection-oriented protocols such as Frame Relay and ATM. Slide 6
6 VPN usage scenarios Slide 7 7 There are two types of remote
access VPNs: Client-Initiated Remote users use clients to establish
a secure tunnel across a shared ISP network to the enterprise.
Network Access Server-initiated Remote users dial in to an ISP. The
NAS establishes a secure tunnel to the enterprise private network
that might support multiple remote user-initiated sessions. Slide 8
8 Client Initiated VPN Remote-access VPNs are an extension of dial
networks. Remote access VPNs can terminate on head-end devices such
as Cisco Routers, PIX Firewalls or VPN Concentrators. Remote access
clients can include Cisco routers and VPN clients. Slide 9 9 VPN
Overview There are many different approaches to securing your
network. Application layer scenario Almost any web banking
scenario. Access your web banking from any PC in the world. Creates
an SSL connection between two applications and transports the data.
As long as web browser and web server have same standard
implementation of SSL. Disadvantage: Software based encryption
which adds processing time and additional CPU cycles. Slide 10 10
VPN Overview Another solution: Data Link Layer encryption Solves
the problems of using CPU cycles on the PC. Does not allow you to
scale to an ISP-sized environment very easily. Everything from
Layer 2 through Layer 7 is encrypted including the network address.
Makes it impossible to route the packet until the information is
decrypted. Cant use if crossing any type of public WAN. Slide 11 11
VPN Overview Another solution: Encryption at network and transport
layers. Examples: CET (Cisco Encryption Technology) and IPSec
Disadvantage of CET: proprietary (only Cisco equipment) Three
necessary components to a good VPN and part of IPSec:
1.Authentication 2.Data Integrity 3.Payload encryption Slide 12 12
Encryption Algorithms Some qualities to consider in a good
encryption algorithm: Security against cryptographic attacks
Scalable, variable length keys Any change to the clear-text input
should result in a large change to the encrypted output No
restrictions on import of export Slide 13 13 Encryption Algorithms
Symmetrical algorithm A shared key algorithm that is used to
encrypt and decrypt a message. Use the same key to encrypt and
decrypt the message. Asymmetrical algorithm Uses a pair of keys to
secure encrypt and decrypt a message. Uses one key to encrypt and a
different, but related, key to decrypt. SymmetricalAsymmetrical
Slide 14 14 Encryption Algorithms Common Symmetrical algorithms 56
bit Data Encryption Standard (DES) 168 bit 3DES, triple DES 128 or
256 bit Advanced Encryption Standard (AES) Advantages of
Symmetrical algorithms Speed, fast Mathematical computations are
easy to implement in hardware Good for large amounts of data
Disadvantage of Symmetrical algorithms Sender and receiver share
same passwords. There is the problem of how to share the password
(key management) Slide 15 15 Encryption Algorithms Common
Asymmetrical algorithms RSA, ElGamal, eliptic curves Advantages of
Symmetrical algorithms No problems with key management, one key is
kept private and the other key is public and given to anyone that
needs to encrypt data. Great for authentication because you are the
only one with the private key used to decrypt the data. Can be used
for digital signatures, authenticated key exchanges, email or small
amounts of data. Based on very hard mathematical equations.
Disadvantage of Symmetrical algorithms Slower in encrypting than
symmetrical algorithms Slide 16 16 Hashing Hashing is used for data
integrity. Hashing algorithms is a one-way algorithm that produces
a fixed-length output, no matter what the size of the input is.
Analogy: Blender with 3 small oranges and 3 big oranges Blend it
and make one cup of juice Your neighbor can do the exact same thing
You can never reverse-engineer the output to get the input. You
cant determine that 3 big and 3 small oranges were used to make the
one glass of juice. Slide 17 17 Hashing Two common hashing
algorithms: MD5: fixed-length 128 bit output SHA-1: fixed-length
160 bit output (preferred, less likely to result in a collision
(two different inputs giving the same output). Qualities in a good
hashing algorithm: High resistance to cryptographic attack Any
change to the clear-text input results in a large change in the
encrypted output. The probability of collision is low. Slide 18 18
Diffie-Hellman algorithm In a VPN network, fast, strong encryption
is a must. This is why most implementations use a symmetrical
algorithm to do payload encryption. Problem with symmetrical
algorithms is key management. Diffie-Hellman helps solve this. Used
for automatic secure key exchange of symmetrical shared keys (and
other types of keys) across an insecure network for IPSec. Slide 19
19 Diffie-Hellman algorithm - simplified Step 1: Rachel chooses her
secret color and adds 1 liter of blue to her paint can. Lauren
chooses her secret color red and adds 1.5 liters of red. Step 2: A
shared secret color is chosen that both Rachel and Lauren add 1.1
liters of green to their can. Step 3:The paint cans are exchanged.
Rachel adds 1 liter of her original secret color blue to the paint
can she got from Lauren. Lauren adds her 1.5 liters original secret
color red to the paint can she got from Rachel. Now both paint cans
have the identical colors with the same amounts. RachelLauren Step
1 Step 2 Step 3 Slide 20 20 IPSec Overview IPSec was designed to
work at Layers 3 and 4. Using different options can: Authenticate
Check for data integrity Encrypt the payload portion of IP IPSec
can be used between: Two gateways Two hosts Host and its gateway
Two primary protocols: Authentication Header (AH) Encapsulation
Security Protocol (ESP) Slide 21 21 AH Authentication Header AH
provides: data integrity authentication Does not provide encryption
Uses one-way has function (also called an HMAC) to guarantee data
integrity and origin of the packet. Entire IP packet put through
one-way hash. Includes IP header which could lead to problems. TTL
must be zeroized: to give a standard header Produces a new AH
header for the packet to be transmitted. AH may be applied alone,
in combination with the IP ESP. IP HeaderOther headers and
payloadSecret Session Key HMAC such as MD5 IP HeaderOther headers
and payloadAH Slide 22 22 ESP Encapsulating Security Protocol ESP
is primarily used to provide payload encryption. With current
revisions of the RFC, it also includes the ability for
authentication and integrity. Because ESP can include all three
services, authentication, integrity, and encryption, most
implementations do not include an AH options. IPSec can use
different algorithms for payload encryption such as: DES 3DES AES
Slide 23 23 Tunnel Mode versus Transport Mode Both AH and ESP can
operate in two modes: Transport Mode Tunnel Mode (default)
Transport Mode The original IP packet is put through the ESP and/or
AH options and then the original IP header is reused with the
packet, which would be the original packet plus added information
from ESP and/or AH. Tunnel mode The original IP packet is put
through the ESP and/or AH options and the a new IP header is
created for the new packet, which is a combination of the original
packet plus ESP and/or AH information plus a new IP header. AHESP
AH Hdr Authenticated Header and Data AH Hdr Everything is
Authenticated Slide 24 24 Transport Mode Transport mode Current IP
header has been used in the hashing algorithm and therefore cannot
be changed from sender to receiver. If the packet goes through any
device that performs NAT/PAT, then a portion of the IP header is
changed and you will never get the same hash output, because of
different inputs at the sender and receiver ends. Therefore, the
packet will never be validated at the receiving end. AHESP AH Hdr
Authenticated Header and Data AH Hdr Everything is Authenticated
Slide 25 25 Transport Mode Transport mode Should only be used if:
You have control of the network from end to end Guarantee no IP
packet manipulation will take place. AHESP AH Hdr Authenticated
Header and Data AH Hdr Everything is Authenticated Slide 26 26
Tunnel Mode Tunnel mode A new IP header is used from gateway device
to gateway device, and the original packet is tunneled inside. Once
the receiving end receives the packet: Removes the new IP header
Decrypts original header A new tunnel header can be added, which
can get manipulated (NAT) throughout the network without affecting
the tunneled protocol. AHESP AH Hdr Authenticated Header and Data
AH Hdr Everything is Authenticated Slide 27 27 Tunnel Mode versus
Transport Mode In transport mode end hosts do IPSec encapsulation
of their own data (host-to-host) therefore IPSec has to be
implemented on each of the end-hosts. The application endpoint must
be also the IPSec endpoint. ESP transport mode is used between
hosts. In tunnel mode IPSec gateways provide IPSec services to
other hosts in peer-to-peer tunnels, and end-hosts are not aware of
IPSec being used to protect their traffic. Slide 28 28 SA -
Security Associations Before an IPSec tunnel/transport can be
created, certain parameters must be negotiated and kept track of.
Security Associations (SAs) represent a policy contract between two
peers or hosts, and describe how the peers will use IPSec security
services to protect network traffic. SAs contain all the security
parameters needed to securely transport packets between the peers
or hosts, and define the security policy used in IPSec. Every VPN
device has to have some form of security policy database (SPD),
referred to as a Security Associate (SA). VPN devices store all
their active SAs in a local database called the SA database (SADB).
Slide 29 29 SA - Security Associations An SA is a single connection
and all the parameters associated with it that are agree upon by
the two devices participating in the exchange. Each SA is
unidirectional. There will always be at least two SAs in your SPD,
one for A to B and B to A. Possible to have multiple peers in a VPN
network (NAS). Each SA gets a unique 32 bit Security Parameter
Index (SPI) number that is sent in every packet pertaining to the
specific SA. Slide 30 30 SA - Security Associations The SA keeps
track of general information such as : source IP destination IP
IPSec protocols used SPI, encryption and authentication algorithms
key lifetime (sets the amount of time and/or byte count that a key
is valid for; longer the time, the more vulnerable the data is.)
Slide 31 31 IKE Internet Key Exchange Internet Key Exchange (IKE)
is used to establish all the information needed for a VPN tunnel.
Within IKE: Security policies are negotiated SAs are established
Create and exchange keys that will be used by other algorithms such
as DES There are two phases to IKE Slide 32 32 IKE Phase One Phase
One Used to negotiate policy sets Authenticate peers Create a
secure channel between peers Standard policy set:
ParameterStrongStronger Encryption algorithmDES3DES Hash
algorithmMD5SHA-1 Authentication methodPresharedRSA signatures Key
exchangeDiffie-Hellman group 1Diffie-Hellman group 2 IKE SA
lifetime86,400 secondsLess than 86,400 secs. Slide 33 33 IKE Phase
One Phase One Main mode: three different and distinct exchanges
take place to add to the security of the tunnel. Aggressive mode:
Everything is sent in a single exchange. ParameterStrongStronger
Encryption algorithmDES3DES Hash algorithmMD5SHA-1 Authentication
methodPresharedRSA signatures Key exchangeDiffie-Hellman group
1Diffie-Hellman group 2 IKE SA lifetime86,400 secondsLess than
86,400 secs. Slide 34 34 IKE Phase Two Phase Two Used to: Negotiate
the IPSec security parameters Establish SAs Optionally perform
Diffie-Hellman Key exchanges Has one mode, quick mode, which
happens after Phase One. Slide 35 35 IKE protects SAs The IKE
tunnel protects the SA negotiations. After the SAs are in place,
IPSec protects the data that A and B exchange. IKE Mode
configuration allows a gateway to download an IP address (and other
network-level configuration) to the client as part of an IKE
negotiation. Slide 36 36 Preparing for IKE and IPSec Step 1 Define
interesting traffic that should be protected. Step 2 Perform IKE
phase 1 negotiate the security policy, etc. Step 3 Perform IKE
phase 2 negotiate SAs, etc. Step 4 Transfer data encrypt
interesting traffic and send it to peer devices,. Step 5 Tear down
the tunnel. Slide 37 37 Preparing for IKE and IPSec Do my current
ACLs allow ESP, AH, and IKE to terminate on the router? What
interesting traffic needs to be encrypted? What phase one policies
can I support? What phase two policies will be implemented? Does
the network route properly before I add encryption services?
(ping?) Slide 38 38 Do my current ACLs allow ESP, AH, and IKE to
terminate on the router? Slide 39 39 Identify IPSec peers Slide 40
40 Ensure the network works Slide 41 41 IPSec policy example The
figure shows a summary of IPSec encryption policy details that will
be configured in examples in this module. Details about IPSec
transforms are covered in a later section in this module. The
example policy specifies that TCP traffic between the hosts should
be encrypted by IPSec using DES. Slide 42 42 Configuring IKE By
default, IKE is enabled in Cisco IOS. Slide 43 43 Step 1 Enable IKE
By default, IKE is enabled in Cisco IOS. Slide 44 44 Step 2 Create
IKE policies You then create your isakmp (Internet Security
Association and Key Management Protocol) policies. The lower the
policy-number or priority, the more preferred it is. You might have
many policies on one device because each remote peer could have a
different security profile created. For example
RouterA(config-iskamp)# Apply all options for IKE Phase One policy
here. Slide 45 45 Step 2 Create IKE policies For example, R&D
lab would probably have high security settings applied such as 3DES
for payload encryption and SHA-1 for authentication and integrity.
A shipping office might only have MD5 authentication and integrity
and no encryption because it may not matter whether your
competitors know how many items you are shipping.
RouterA(config-iskamp)# Apply all options for IKE Phase One policy
here. Slide 46 46 Step 2 Create IKE policies The goal of defining a
suite of IKE policies is to establish ISAKMP peering between two
IPSec endpoints. Use the IKE policy details gathered during the
planning task. Slide 47 47 Create IKE policies with the crypto
isakmp command The crypto isakmp policy command invokes the ISAKMP
policy configuration command mode ( config-isakmp ) where the
ISAKMP parameters can be set. Slide 48 48 Create IKE policies with
the crypto isakmp command If one of these commands is not specified
for a policy, the default value will be used for that parameter.
While in the config-isakmp command mode, the keywords are available
to specify the parameters in the policy as shown. Slide 49 49 IKE
policy negotiation A match is made when both policies from the two
peers contain the same encryption, hash, authentication, and
Diffie-Hellman parameter values, and when the remote peer's policy
specifies a lifetime less than or equal to the lifetime in the
policy being compared. Slide 50 50 Step 3 Configure ISAKMP identity
IPSec peers authenticate each other during ISAKMP negotiations
using the pre-shared key and the ISAKMP identity. The identity can
either be the router IP address or host name. Cisco IOS software
uses the IP address identity method by default. A command
indicating the address mode does not appear in the router
configuration. Slide 51 51 Step 4 Configure pre-shared keys
Configure a pre-shared authentication key with the crypto isakmp
key global configuration command. This key must be configured
whenever pre-shared keys are specified in an ISAKMP policy. Slide
52 52 Step 4 Configure pre-shared keys RouterB(config)#crypto
isakmp key cisco1234 address 172.30.1.1 RouterB(config)#crypto
isakmp policy 110 RouterB(config-isakmp)#hash md5
RouterB(config-isakmp)#authentication pre-share
RouterA(config)#crypto isakmp key cisco1234 address 172.30.2.1
RouterA(config)#crypto isakmp policy 110
RouterA(config-isakmp)#hash md5
RouterA(config-isakmp)#authentication pre-share Slide 53 53 Step 5
Verify IKE configuration RouterA#show crypto isakmp policy
Protection suite of priority 110 encryption algorithm: DES - Data
Encryption Standard (56 bit keys). hash algorithm: Message Digest 5
authentication method: Pre-Shared Key Diffie-Hellman group: #1 (768
bit) lifetime: 86400 seconds, no volume limit Default protection
suite encryption algorithm: DES - Data Encryption Standard (56 bit
keys). hash algorithm: Secure Hash Standard authentication method:
Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit Slide 54 54 Task 3
Configure IPSec The general tasks and commands used to configure
IPSec encryption on Cisco routers are summarized as follows.
Optional To specify interesting traffic Pulling it all together
Slide 55 55 Step 1 Configure transform set suites A transform set
defines the type of authentication, integrity, and payload
encryption you will use for your VPN tunnel. Depending upon you r
security policy, you can choose what type of algorithms will be
applied to the data for a specific connection. You could choose
just authentication and integrity by selecting AH, or you could
choose payload encryption, authentication, and integrity by
selecting two ESP options, or you could choose to have both AH and
ESP options. Slide 56 56 Step 1 Configure transform set suites When
you create transform sets, you have the options that are outlined
here: Transform Type AH TransformESP Encryption Transform ESP
Authentication Transform Allowed Transform Options ah-md5-hmac
ah-sha-hmac esp-des esp-3des esp-null esp-md5-hmac esp-sha-hmac
Slide 57 57 Step 2 Configure global IPSec security association
lifetimes (optional) Slide 58 58 Step 3 - Crypto ACLs So far, you
have configured how all of the traffic will be encrypted and
transported, and what your peers will use as session keys. All that
is left is to specify interesting traffic to be encrypted by your
tunnel. This is done using extended ACLs. Slide 59 59 Step 3 Create
crypto ACLs using extended access lists The crypto ACL does not
permit or deny traffic as normal ACLs do. It is used to dfine what
is encrypted permitted or not encrypted denied in your VPN tunnel.
All traffic still flows from from device to device unless a normal
ACL has been used to do otherwise. Slide 60 60 Step 3 Create crypto
ACLs using extended access lists The crypto ACL must mirror images
of each other.. Slide 61 61 Step 3 Create crypto ACLs using
extended access lists The crypto ACL must mirror images of each
other. Slide 62 62 Step 4 - Purpose of crypto maps Now that you
have all the required information to create your VPN tunnel, you
need to pull everything together and apply it to an interface.
Crypto maps do this. Slide 63 63 Example crypto map commands There
are a few types of crypto map statements, but for this exam the
crypto map ipsec-isakmp is used for automatic key exchanges. Slide
64 64 Step 5 Apply crypto maps to interfaces Once you have
specified all of the needed information, you need to apply it to
the outgoing interface. Slide 65 65 IPSec configuration examples
Slide 66 66 Test and Verify IPSec
